Data Security Breaches

The Institute is obliged under General Data Protection Regulation (GDPR) to ensure that personal data shall be processed in a manner to ensure the appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Information/data is one of our most important assets and each one of us has a responsibility to ensure the security of this information.

A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.

Any individual who accesses, uses or manages personal data is responsible for reporting data breach incidents to the Data Protection Officer and their Head of Function and the Data Protection Officer as soon as it is detected. If the incident occurs outside of normal working hours it should be reported as soon as is practicable.

Early recognition and reporting is vital to ensure the breach can be dealt with swiftly and appropriately